[Webkit-unassigned] [Bug 173844] Intelligent Tracking Prevention removes first party cookie on iOS11 beta v2, not on macOS beta v2
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 29 09:54:29 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=173844
--- Comment #2 from John Wilander <wilander at apple.com> ---
Thanks for the report, Kirk!
It's a little hard for me to follow all the steps and what you expect to happen. This is how I interpret your scenario:
1. At some point tools.com has been visited as a first-party and set a cookie. Let's call that cookie firstPartyToolsCookie.
2. At some point ITP has decided that tools.com has the ability to track the user.
3. The user visits client.com which has an iframe from tools.com.
Am I correct so far? If so, let's look at what happens with ITP enabled.
Scenario A – the user *has* interacted with tools.com the last 24 hours
4. The tools.com iframe will see firstPartyToolsCookie.
5. No cookies are purged.
Scenario B – the user *has* interacted with tools.com the last 30 days but not the last 24 hours
4. The cookies for the tools.com iframe are partitioned. This means that it will not see firstPartyToolsCookie but instead be able to set and see thirdPartyUnderClientToolsCookie.
5. No cookies are purged.
Scenario C – the user *has not* interacted with tools.com the last 30 days
4. The cookies for the tools.com iframe are partitioned. This means that it will not see firstPartyToolsCookie but instead be able to set and see thirdPartyUnderClientToolsCookie.
5. At some point, both firstPartyToolsCookie and thirdPartyUnderClientToolsCookie will be purged. The reason this point is not known is that we don't want to scan website data records all the time because of performance.
Given the above, can you answer these three things for me, please:
First, are you sure tools.com has been classified as having the ability to track the user on both your iOS and macOS devices?
Second, have you interacted with tools.com on any of your two devices, i.e. clicked, tapped, filled out a form on tools.com? Was it the last 24 hours or the last 30 days?
Third, what is the issue you are seeing using the examples firstPartyToolsCookie and thirdPartyUnderClientToolsCookie?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170629/79858a74/attachment.html>
More information about the webkit-unassigned
mailing list